Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the
application:



Listing of Claims: 

1. (Currently Amended) A method of authenticating candidate members
wishing to participate in an IP multicast via a communication network, where data sent
as part of the multicast is to be secured using a key revocation based scheme requiring
that each candidate member submit a public key to a group controller in order to
become a participating candidate member, the method comprising:

a candidate member receiving an invitation from a group controller to join the
multicast;

the candidate member sending a registration message to the group controller,
the registration message including the candidate member's originating IPv6 address, a
copy of the candidate member's public key from the candidate member's public-private
key pair and a digital signature using the candidate member's private key from the
candidate member's public-private key pair;

at the group controller, verifying that the public key received from each the
candidate member wishing to participate is owned by the that candidate member and
that the public key is associated with the respective candidate member's IPv6 [[IP]]
address of that candidate member by inspecting an interfaceID part of the IPv6
[[IP]] address; and

using the digital signature, further verifying that the candidate member owns the
public-private key pair to which the public key belongs and that the candidate terminal
owns the source IP address.

2. (Currently Amended) [[A]] The method according to claim 1, wherein
said key revocation based scheme is a Logical Key Hierarchy based scheme. 

3. (Currently Amended) [[A]] The method according to claim 1, wherein
each candidate member generates [[an]] the interfaceID part of the candidate member's
IPv6 its own IPv6 address by taking a cryptographic hash over the candidate member's
own public key and one or more other parameters, and the candidate member sends a
joining request to the group controller which contains:

the member's IPv6 [[IP]] address including the generated interface ID;
the candidate member's own public key; and

a signature over the entire message generated using the member's private key.

4. (Currently Amended) [[A]] The method according to claim 3, wherein
upon receipt of the message, the group controller:

a) uses using the received public key to confirm that the signature is valid, thus
proving that the candidate member does indeed own the public-private key pair to which
the received public key belongs and

b) applies applying the same cryptographic hash, as used by the candidate
member, to the public key and the other parameter(s) and comparing compares the
result to the interfaceID part of the candidate member's IPv6 [[IP]] address, thus
verifying that the source IPv6 [[IP]] address is owned by the candidate.



after the group controller has received the public key from a given candidate member
and has verified that the public key is associated with the IPv6 [[IP]] address of the
sender, the group controller sends a unique Key Encryption Key to the member,
encrypted with that member's public key, and the group controller also sends a Traffic
Encryption Key and a LKH key set to the member, encrypted with the Key Encryption
Key.



(Currently Amended) [[A]] The method according to claim 1, wherein
[[A]] The method according to claim 2, wherein,



said IP multicast comprises: 






Appl. No. 10/527,368

Amdt. Dated October 17, 2008

Reply to Office action of June 20, 2008

Attorney Docket No. PITSOMJSI 

EUS/J/P/08-3369 

a one-way multicast where a single node multicasts a stream of data to several 
other nodes; 

a group multicast where group members multicast data to all other members of 
the group; or 

a tele-conference or a videoconference or a multimedia conference. 

7. (Currently Amended) A method of authorizing authorising a user to
participate in a secure IP multicast or broadcast in which security keys are distributed to
group members using a key revocation based mechanism, the method comprising:

distributing security keys to users using a key revocation based mechanism;

delivering a certificate to the user, the certificate verifying that a public-private
key pair identified in the certificate can be validly used by the user to access said secure
multicast/broadcast, wherein the certificate further includes a digital signature generated
by applying an algorithm and the user's private key to the contents of the certificate;

subsequently verifying at a control node that the certificate is owned by the user
using a proof-of-possession procedure that is based on the private key; and

assuming that verification is obtained, using said public key to send a Key
Encryption Key to the user.

8. (Currently Amended) [[A]] The method according to claim 7, wherein 
said key revocation based scheme is a Logical Key Hierarchy based scheme. 

9. (Currently Amended) [[A]] The method according to claim 8, wherein
said step of verifying at [[a]] the control node that the certificate is owned by the user, is
carried out after the control node receives a request from the user to join said secure
multicast or broadcast.

10. (Currently Amended) [[A]] The method according to claim 7, wherein
said proof-of-possession procedure involves the control node sending a random number
to the user in plain text, and the user sending a response to the control node containing
a signature generated by applying the private key to the random number, wherein the
control node is in possession of the user's certificate and can check whether or not the
message is correctly signed with the user's private key.

11. (Currently Amended) [[A]] The method according to claim 7, wherein
the user to be authorized authorised has a subscription to a first, home communication
network and wishes to participate in a multicast or broadcast service via a second,
visited foreign network in which the user is roaming, the method comprising:

the visited network, in which the user is roaming, contacting the user's home
network, upon receipt of an initial registration request from said user, to authorize
authorise the user;

following authorization authorisation by the home network, generating a
certificate relating to said service and generating [[a]] the public-private key pair, either
at the user equipment or within one of the networks, and signing the certificate; and
sending the certificate to the user.

12. (Currently Amended) [[A]] The method according to claim 11,
wherein an Authentication and Key Agreement (AKA) procedure is used to authorise the 
user. 

13. (Currently Amended) A group controller for authenticating candidate
members wishing to participate in an IP multicast via a communication network, where
data sent as part of the multicast is to be secured using a key revocation based scheme
requiring that each candidate member submit a public key to the [[a]] group controller in
order to become a participating candidate member, the group controller comprising:

means for sending an invitation to a candidate member to join the multicast;
means for receiving from the candidate member a registration message, the
registration message including the candidate member's originating IPv6 address, a copy
of the candidate member's public key from the candidate member's public-private key




pair and a digital signature using the candidate member's private key from the
candidate member's public-private key pair;

means for verifying that the public key received from the each candidate member
wishing to participate is owned by the that candidate member and that the public key is
associated with the IP address of that candidate member's IPv6 address by inspecting
an interfaceID part of the IP address

means for using the digital signature for verifying that the candidate member
owns the public-private key pair to which the public key belongs and that the candidate
terminal owns the source IP address.


14. (Canceled) 

15. (Currently Amended) [[A]] The group controller according to claim
13, wherein said key revocation based scheme is a Logical Key Hierarchy based
scheme. 

16. (Currently Amended) [[A]] The group controller according to claim
13, further comprising:

means for receiving and storing a generated interfaceID part of a candidate
member's own IPv6 address and for receiving a joining request from the candidate
member to the group controller which contains:

the member's IPv6 [[IP]] address including the generated Interface ID; 

the candidate member's own public key; and 

a signature over the entire message generated using the member's private key. 

17. (Currently Amended) [[A]] The group controller according to claim
16, further comprising means for, upon receipt of the message:

using the received public key to confirm that the signature is valid, thus proving
that the candidate member does indeed own the public-private key pair to which the
received public key belongs; and

applying a the same cryptographic hash, used by the candidate member, to the
public key and other parameters and compare comparing the result to the interfaceID
part of the candidate member's IPv6 [[IP]] address, thus verifying that the source IPv6
[[IP]] address is owned by the candidate member.
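
The check recited in claims 3 and 4 (and, in apparatus form, in claims 16 and 17) can be sketched as follows. This is an added Python example, not part of the application: the toy textbook-RSA key, SHA-256, the 30-byte public key encoding, the parameter bytes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed toy key: textbook RSA over two Mersenne primes. NOT secure; it
# stands in for a real signature scheme so the example needs only the stdlib.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent, candidate only
PUBLIC_KEY = N.to_bytes(27, "big") + E.to_bytes(3, "big")   # assumed encoding

def digest_mod(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def interface_id(pubkey: bytes, params: bytes) -> bytes:
    """64-bit interface ID: hash over the public key and the other parameters."""
    return hashlib.sha256(pubkey + params).digest()[:8]

def make_registration(prefix: str, params: bytes, claimed_addr=None) -> dict:
    """Candidate side: derive the address, then sign the entire message."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(interface_id(PUBLIC_KEY, params), "big")
    addr = claimed_addr or ipaddress.IPv6Address(int(net.network_address) | iid)
    body = addr.packed + PUBLIC_KEY + params
    sig = pow(digest_mod(body, N), D, N)
    return {"addr": addr, "pubkey": PUBLIC_KEY, "params": params, "sig": sig}

def controller_verify(reg: dict) -> tuple:
    """Group controller side: returns (signature_ok, address_bound_to_key)."""
    pub = reg["pubkey"]
    if len(pub) != 30 or not any(pub[:27]):
        return (False, False)
    n, e = int.from_bytes(pub[:27], "big"), int.from_bytes(pub[27:], "big")
    body = reg["addr"].packed + pub + reg["params"]
    # a) signature over the whole message checks under the received public key
    sig_ok = pow(reg["sig"], e, n) == digest_mod(body, n)
    # b) recompute the hash and compare with the low 64 bits of the address
    iid_ok = hmac.compare_digest(reg["addr"].packed[8:],
                                 interface_id(pub, reg["params"]))
    return (sig_ok, iid_ok)
```

A registration is accepted only when both values are true: a valid signature over an address that was not derived from the submitted key yields (True, False), which is the case where key ownership is proven but address ownership is not.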

18. (Currently Amended) [[A]] The group controller according to claim
17, wherein, after the group controller has received the public key from a given
candidate member and has verified that the public key is associated with the IP address
of the sender, the group controller having:

means for sending a unique Key Encryption Key to the candidate member,
encrypted with that candidate member's public key; and

means for sending a Traffic Encryption Key and a LKH key set to the candidate 
member, encrypted with the Key Encryption Key. 


19. (Currently Amended) [[A]] The group controller according to claim
13, wherein said IP multicast comprises:

means for a single node multicasting a stream of data to several other nodes;
means for a group multicast where group members multicast data to all other
members of the group; or

means for a tele-conference or a videoconference or a multimedia conference. 

20. (Currently Amended) A group controller for authorizing authorising a
user to participate in a secure IP multicast or broadcast in which security keys are
distributed to group members using a key revocation based mechanism, the group
controller comprising:

means for distributing security keys to the user using a key revocation based
mechanism;

means for delivering a certificate to the user, the certificate verifying that a public-private
key pair identified in the certificate can be validly used by the user to access said
secure multicast/broadcast multicast or broadcast, wherein the certificate includes a
digital signature generated by applying an algorithm and the user's private key to the
contents of the certificate;

means for subsequently verifying at a control node that the certificate is owned
by the user using a proof-of-possession procedure that is based on the private key; and

means for assuming that verification is obtained, using said public key to send a
Key Encryption Key to the user.

21. (Currently Amended) [[A]] The group controller according to claim
20, wherein said key revocation based scheme is a Logical Key Hierarchy based
scheme.

22. (Currently Amended) [[A]] The group controller according to claim
21, wherein means for verifying at [[a]] the control node that the certificate is owned by
the user, also verifies the certificate after the control node receives a request from the 
user to join said secure multicast or broadcast. 

23. (Currently Amended) [[A]] The group controller according to claim 

20, wherein the control node further comprises: 

means for sending a random number in a message to the user in plain text; and 
means for receiving from the user a response containing a signature generated 

by applying the private portion of the public-private key to the random number, wherein

the control node is in possession of the user's certificate and can check whether or not 

the message is correctly signed with the user's private key. 

24. (Currently Amended) [[A]] The group controller according to claim 
20, wherein the user to be authorized authorised has a subscription to a first, home 
communication network and wishes to participate in a multicast or broadcast service via 
a second, visited foreign network in which the user is roaming, the group controller
including means for

the visited network, in which the user is roaming, contacting the user's home
network, upon receipt of an initial registration request from said user, to authorize
authorise the user

receiving from the visited network contacting the user's home network, upon
receipt of an initial registration request from said user, to authorize authorise the user;

means for generating [[a]] the certificate relating to said service following
authorization authorisation by the home network;

means for generating [[a]] the public-private key pair and signing the certificate;
and

means for sending the certificate to the user

25. (Currently Amended) [[A]] The group controller according to claim
20, wherein an Authentication and Key Agreement (AKA) procedure is used to authorize
authorise the user.